top | item 28978393

TomAnthony | 4 years ago

In 2017 I found a security issue with the Tesco website. It was a minor security issue, but I could see they had _attempted_ to stop people doing what I could do.

I did manage to find an email address, but I got a templated response, and when I checked a year later it was still not fixed.

Sure, it was a minor issue, but I was surprised Tesco didn't have a proper Vulnerability Disclosure Program or Bug Bounty program. A bug bounty program is an inexpensive way to avoid exactly this sort of issue.
